diff options
author | Jack Mulrow <jack.mulrow@mongodb.com> | 2020-01-09 17:51:42 +0000 |
---|---|---|
committer | evergreen <evergreen@mongodb.com> | 2020-01-09 17:51:42 +0000 |
commit | 239faf80a16019dd5f5a84df0c858ce8937a9a91 (patch) | |
tree | a585d70e5a2f0f6f90208a8396baf4658d22abb0 /src/mongo/db/commands/rwc_defaults_commands.cpp | |
parent | f68734daa5e03a737bfea6703be9870769b0dbaf (diff) | |
download | mongo-239faf80a16019dd5f5a84df0c858ce8937a9a91.tar.gz |
SERVER-45038 Add privilege actions for getDefaultRWConcern and setDefaultRWConcern commands
Diffstat (limited to 'src/mongo/db/commands/rwc_defaults_commands.cpp')
-rw-r--r-- | src/mongo/db/commands/rwc_defaults_commands.cpp | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/src/mongo/db/commands/rwc_defaults_commands.cpp b/src/mongo/db/commands/rwc_defaults_commands.cpp index 0253c2dc31a..848ee832504 100644 --- a/src/mongo/db/commands/rwc_defaults_commands.cpp +++ b/src/mongo/db/commands/rwc_defaults_commands.cpp @@ -31,6 +31,7 @@ #include "mongo/platform/basic.h" +#include "mongo/db/auth/authorization_session.h" #include "mongo/db/commands.h" #include "mongo/db/commands/rwc_defaults_commands_gen.h" #include "mongo/db/dbdirectclient.h" @@ -125,8 +126,12 @@ public: return true; } - void doCheckAuthorization(OperationContext*) const override { - // TODO SERVER-45038: add and use privilege action + void doCheckAuthorization(OperationContext* opCtx) const override { + uassert(ErrorCodes::Unauthorized, + "Unauthorized", + AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForPrivilege(Privilege{ResourcePattern::forClusterResource(), + ActionType::setDefaultRWConcern})); } NamespaceString ns() const override { @@ -172,8 +177,12 @@ public: return false; } - void doCheckAuthorization(OperationContext*) const override { - // TODO SERVER-45038: add and use privilege action + void doCheckAuthorization(OperationContext* opCtx) const override { + uassert(ErrorCodes::Unauthorized, + "Unauthorized", + AuthorizationSession::get(opCtx->getClient()) + ->isAuthorizedForPrivilege(Privilege{ResourcePattern::forClusterResource(), + ActionType::getDefaultRWConcern})); } NamespaceString ns() const override { |